Fix for <rdar://problem/5585334>
[WebKit-https.git] / WebCore / platform / graphics / cg / ImageBufferCG.cpp
index 8e35dcb9b7e165d4942dca02a2ee3ad61e892dc6..34fe6cde712c2ff66fa5d81cdeafb3427e41c644 100644 (file)
@@ -37,10 +37,16 @@ namespace WebCore {
 
 auto_ptr<ImageBuffer> ImageBuffer::create(const IntSize& size, bool grayScale)
 {
+    if (size.width() <= 0 || size.height() <= 0)
+        return auto_ptr<ImageBuffer>();        
     unsigned int bytesPerRow = size.width();
-    if (!grayScale)
+    if (!grayScale) {
+        // Protect against overflow
+        if (bytesPerRow > 0x3FFFFFFF)
+            return auto_ptr<ImageBuffer>();            
         bytesPerRow *= 4;
-    
+    }
+
     void* imageBuffer = fastCalloc(size.height(), bytesPerRow);
     if (!imageBuffer)
         return auto_ptr<ImageBuffer>();
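Review bot: The new guard `if (bytesPerRow > 0x3FFFFFFF)` only protects the `bytesPerRow *= 4` step; the `height * bytesPerRow` product that `fastCalloc(size.height(), bytesPerRow)` must form is not checked in this hunk, and whether fastCalloc itself rejects an overflowing product cannot be seen from here (ImageBuffer::create continues past the end of the hunk). If it does not, a large height with a permitted width still reaches an undersized allocation, and the gray-scale branch applies no width limit at all; one check placed before the call, `if (static_cast<unsigned>(size.height()) > UINT_MAX / bytesPerRow) return auto_ptr<ImageBuffer>();`, covers both branches (bytesPerRow is nonzero after the new `<= 0` check). The bare constant also deserves a why-comment in place of `// Protect against overflow`, e.g. `// 0x3FFFFFFF * 4 == 0xFFFFFFFC: the largest width whose RGBA row still fits in unsigned int`. The two added `return auto_ptr<ImageBuffer>();` lines carry trailing whitespace.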